Cryptology ePrint Archive: Report 2017/338

A Traceability Analysis of Monero's Blockchain

Amrit Kumar and Clément Fischer and Shruti Tople and Prateek Saxena

Abstract: Monero is a cryptocurrency that has rapidly gained popularity since
its launch in April 2014. The source of its growth can be mainly
attributed to its unique privacy properties that go well beyond the
pseudonymity property of cryptocurrencies such as Bitcoin.
In this work, we conduct a forensic analysis of the Monero
blockchain. Our main goal is to investigate Monero’s untraceability
guarantee, which essentially means that given a transaction input,
the real output being redeemed in it should be anonymous among
a set of other outputs. To this end, we develop three heuristics that
lead to simple-to-implement attack routines.

We evaluate our attacks on the Monero blockchain and show
that in 87% of cases, the real output being redeemed can be easily
identified with certainty. Moreover, we have compelling evidence
that two of our attacks also extend to Monero RingCTs — the second
generation Monero that even hides the transaction value.
Furthermore, we observe that for over 98% of the inputs that
we have been able to trace, the real output being redeemed in each
is the one that has been on the blockchain for the shortest period
of time. This result shows that the mitigation measures currently
employed in Monero fall short of preventing temporal analysis.

Motivated by our findings, we also propose a new mitigation strategy
against temporal analysis. Our mitigation strategy leverages the
real spending habit of Monero users.
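The two observations above (the newest ring member is the real spend in most traced inputs, and a decoy-selection rule modelled on real spending habits as a mitigation) can be reproduced on synthetic data. The following Python simulation is an added illustration, not code or data from the paper: it assumes a simplified chain in which every output's index equals its creation height, models the age of a real spend with an exponential distribution, and compares the hit rate of a "newest output is the real one" guess when decoys are drawn uniformly from chain history versus when they are drawn from the same age distribution as real spends. The constant values and the exponential model are assumptions chosen for illustration.

```python
import random

# Assumed synthetic model (not the paper's data): an output's index is its
# creation height, so a larger index means a shorter time on the chain.
CHAIN_LEN = 100_000
RING_SIZE = 5          # one real output plus four decoys
SPEND_RATE = 0.05      # assumed rate of the exponential spend-age model


def draw_age(rng):
    """Age in blocks of a real spend: exponential, so most outputs are spent young."""
    return min(int(rng.expovariate(SPEND_RATE)), CHAIN_LEN - 1)


def build_ring(rng, decoy_mode):
    """Return (ring_members, real_output) for one synthetic transaction input.

    decoy_mode == "uniform": decoys are drawn uniformly from the whole chain
    history (the weakness temporal analysis exploits).
    decoy_mode == "spend_profile": decoys are drawn from the same age
    distribution as real spends, so age no longer distinguishes the real one.
    """
    real = CHAIN_LEN - 1 - draw_age(rng)
    members = {real}
    while len(members) < RING_SIZE:          # ring members must be distinct outputs
        if decoy_mode == "uniform":
            members.add(rng.randrange(CHAIN_LEN))
        elif decoy_mode == "spend_profile":
            members.add(CHAIN_LEN - 1 - draw_age(rng))
        else:
            raise ValueError(f"unknown decoy_mode {decoy_mode!r}")
    ring = list(members)
    rng.shuffle(ring)                         # on-chain order carries no hint
    return ring, real


def newest_output_guess(ring):
    """Temporal heuristic: guess that the most recently created member is real."""
    return max(ring)


def heuristic_accuracy(decoy_mode, n_rings=5000, seed=1):
    """Fraction of synthetic rings in which the newest-output guess is correct."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_rings):
        ring, real = build_ring(rng, decoy_mode)
        if newest_output_guess(ring) == real:
            hits += 1
    return hits / n_rings


if __name__ == "__main__":
    for mode in ("uniform", "spend_profile"):
        print(f"{mode:14s} newest-output guess accuracy: {heuristic_accuracy(mode):.3f}")
```

With uniform decoy selection the guess is almost always right, because a decoy drawn from 100,000 blocks of history is very unlikely to be newer than an output spent within a few dozen blocks. When decoys follow the same age profile as real spends, the guess does no better than picking one of the five members at random, which is the effect a spending-habit-based mitigation aims for.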